Opinion – Risk Management Process: Self Assessment

It can be said that there are two kinds of business executives in this world.  Those who steer clear of self examination, fearing what skeletons lurk in the closet and those who periodically take a close look at themselves in the mirror, pausing to reflect on the paths they have travelled so far and what lies further ahead.

The former are most likely to charge full steam ahead, paying no heed to the tell tale signs of trouble, preferring to sweep inconvenient setbacks including risks under the carpet in their pursuit for corporate glory.  The latter on the other hand, are more likely to stop every so often and take stock of the progress of their ventures using a raft of tools to probe and uncover risks which if not dealt with can lead to their downfall.

Self-risk assessments are arguably one of the most potent tools a business has at its disposal to understand the ever-changing environment it operates in and the risks this presents.  Within the context of Corporate Governance and risk management, self-risk assessments are an indispensable component of the Internal Control framework which includes but is not limited to internal audit.  They offer management the opportunity to scrutinize dispassionately all threats to corporate objectives, thereby providing them with an early opportunity to implement control measures before the risks assume problematic proportions.

Due to issues of organizational complexity, implementing a self-risk assessment regime, although in itself not an overly a complicated process, can be challenging in any large organization.  It is important that all stakeholders who will participate in conducting the self-risk assessments are made fully conversant of what to look for, the metrics to be used in measuring and quantifying risk exposures and the techniques for determining the effectiveness and efficiencies of existing risk controls.  But most importantly, executive management must sign-off on the model for self-risk assessment that is to be used across the organization.

Once the self-risk assessment model to be deployed has been agreed by executive management, it can be distilled into a simple checklist comprising a risk identification register and quantification matrix for use by staff.

When used consistently and without exception, self-risk assessments contribute to a culture of “prevention is better than cure” in that before any activity is undertaken at the operational level, personnel are obliged to identify the hazards and risks inherent in the task or activity and ensure that appropriate precautions are in place.  This applies to activities undertaken in any context whether involving a manual handling process or entering into a new contract with a prospective supplier or service provider.  The latter activity will fall under the auspices of a due diligence exercise but with a heavy risk assessment emphasis.

A sample generic self-risk assessment process checklist is provided below:

risk management process

Experience in the mining industry has shown that rigorous implementation of self-risk assessments significantly reduces what are termed LTIFRs (Lost Time Injury Frequency Rates).  Elsewhere, organizations in other industry settings can apply self-risk assessment to self diagnose the risks they are exposed to and avoid potential corporate pitfalls by taking the necessary corrective actions, proactively before any harm is done.

Best practice standards in risk management and corporate governance laud the wisdom of conducting self-risk assessments.  These include ISO 31 000, Basel II and OHSAS 18001.  The premise and value proposition for self-risk assessment is elegantly simple: proactive identification of risk results in proactive control of risk.  The proactive management of risk is the foundation of successful operations and organizational performance.  Whilst it is impossible to be rid of all risks, through self-risk assessments it is quite conceivable to be identify and control all foreseeable risks.

In summary, to ensure quick wins, the self-risk assessment process must satisfy the following conditions:

  • Endorsement of the self-risk assessment approach and tools by executive management;
  • Participation by all members of staff especially those interacting with processes and specific tasks at a direct level; and
  • Integration of self-risk assessments in the organisation’s change management processes.

In light of the stringent liability clauses enshrined in the New Companies Act, it is important that executives take on board and promote a culture of self-risk assessment in discharging their duties to ensure that they are not liable for losses suffered by the company as a result of their failure to take reasonable actions to prevent such losses.

Today’s risk landscape which is constantly morphing at an alarming rate with new threats emerging on a daily basis demands a new breed of leadership.  Leaders who are not afraid to introspect and arrest the symptoms before all hell breaks loose are guaranteed of staying power.  Those who subscribe to a blind pursuit for targets and profits without proactively managing the underlying risks are in danger of being swept aside.  Only proactive leaders applying proactive tools such as self-risk assessments will in the end successfully steer their corporations to successful and sustainable futures.

By Millington Gumbo, General Manager, Consulting Services, ContinuitySA, MBCI, MIRM

Share this article
Opinion – Risk Management Process: Self Assessment